wireshark - security update

2015-04-2200:00:00

Google

osv.dev

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

The following vulnerabilities were discovered in the Squeeze’s Wireshark
version:

CVE-2015-2188 The WCP dissector could crash
CVE-2015-0564 Wireshark could crash while decypting TLS/SSL sessions
CVE-2015-0562 The DEC DNA Routing Protocol dissector could crash
CVE-2014-8714 TN5250 infinite loops
CVE-2014-8713 NCP crashes
CVE-2014-8712 NCP crashes
CVE-2014-8711 AMQP crash
CVE-2014-8710 SigComp UDVM buffer overflow
CVE-2014-6432 Sniffer file parser crash
CVE-2014-6431 Sniffer file parser crash
CVE-2014-6430 Sniffer file parser crash
CVE-2014-6429 Sniffer file parser crash
CVE-2014-6428 SES dissector crash
CVE-2014-6423 MEGACO dissector infinite loop
CVE-2014-6422 RTP dissector crash

Since back-porting upstream patches to 1.2.11-6+squeeze15 did not fix
all the outstanding issues and some issues are not even tracked publicly
the LTS Team decided to sync squeeze-lts’s wireshark package with
wheezy-security to provide the best possible security support.

Note that upgrading Wireshark from 1.2.x to 1.8.x introduces
several backward-incompatible changes in package structure, shared
library API/ABI, availability of dissectors and in syntax of command
line parameters.

CPENameOperatorVersion
wiresharkeq1.6.5-1
wiresharkeq1.2.11-6+squeeze14
wiresharkeq1.8.0-1
wiresharkeq1.2.11-6+squeeze6
wiresharkeq1.6.3-1
wiresharkeq1.4.1-1
wiresharkeq1.2.11-6+squeeze1
wiresharkeq1.8.2-5wheezy5
wiresharkeq1.4.2-2
wiresharkeq1.2.11-6+squeeze7

Name	Operator	Version
wireshark	eq	1.6.5-1
wireshark	eq	1.2.11-6+squeeze14
wireshark	eq	1.8.0-1
wireshark	eq	1.2.11-6+squeeze6
wireshark	eq	1.6.3-1
wireshark	eq	1.4.1-1
wireshark	eq	1.2.11-6+squeeze1
wireshark	eq	1.8.2-5wheezy5
wireshark	eq	1.4.2-2
wireshark	eq	1.2.11-6+squeeze7